INSECURE-Mag-12.Pdf

Total Page:16

File Type:pdf, Size:1020Kb

Welcome to another issue of (IN)SECURE, packed with a variety of security articles for all levels of knowledge. With pressure related to PCI compliance growing as the year progresses, we offer some insight into the topic. We have an interview with Jeremiah Grossman from WhiteHat Security who will give you some interesting details when it comes to web application security. There’s also material about keyloggers, Network Access Control, Windows security, and much more.

In collaboration with Addison-Wesley and Cisco Press, we have a book giveaway where 5 lucky readers will get some free knowledge. What are you waiting for?

Mirko Zorz
Chief Editor

Visit the magazine website at www.insecuremag.com

(IN)SECURE Magazine contacts

Feedback and contributions: Mirko Zorz, Chief Editor - [email protected]
Marketing: Berislav Kucan, Director of Marketing - [email protected]

Distribution

(IN)SECURE Magazine can be freely distributed in the form of the original, non modified PDF document. Distribution of modified versions of (IN)SECURE Magazine content is prohibited without the explicit permission from the editor. For reprinting information please send an email to [email protected] or send a fax to 1-866-420-2598.

Copyright HNS Consulting Ltd. 2007.

Take care of spam on your phpBB forum with bbAntiSpam

bbAntiSpam released bbAntiSpam Advanced Textual Confirmation 1.0.2. This PHP script will help users build rock-solid protection against spam messages for their phpBB, vBulletin, WordPress, Wiki, or a guestbook. The bbAntiSpam script works transparently between visitors and a PHP application. When someone attempts to submit data, the script comes to life and starts the confirmation process. It will select a random question from its database and wait for the visitor to give the correct answer. Once it’s provided, the request of the visitor is forwarded to the web application. (www.bbantispam.com)

Requirements for the CISSP certificate will be raised

(ISC)2 announced its board of directors has approved new professional experience and endorsement requirements for the Certified Information Systems Security Professional (CISSP) certification. Effective 1 October 2007, the minimum experience requirement for certification will be five years of relevant work experience in two or more of the 10 domains of the CISSP CBK, a taxonomy of information security topics recognized by professionals worldwide, or four years of work experience with an applicable college degree or a credential from the (ISC)2-approved list. Currently, CISSP candidates are required to have four years of work experience or three years of experience with an applicable college degree or a credential from the (ISC)2-approved list, in one or more of the 10 domains of the CISSP CBK. (www.isc2.org)

First geographical load balancing SSL VPN

AEP Networks announced the AEP Netilla Security Platform (NSP) Release 5.6, in which the standard load-balancing configurations now enable geographical load balancing, providing load sharing and fail-over between independent NSP clusters in geographically diverse data centers. It is configurable by the enterprise as active-active for organizations self-insuring against a failure in their owned data centers or as active-passive for customers using a standby/backup disaster recovery facility service, such as those provided by IBM or Sungard. (www.aepnetworks.com)

SonicWALL Network Security Appliance E7500 unveiled

SonicWALL unveiled the SonicWALL Network Security Appliance (NSA) E7500, a new gateway security appliance that makes deep packet inspection security productive and easy to manage in larger network deployments. Designed to enable the highest level of UTM performance at its price point, the NSA E7500 is intended for campus networks, distributed environments and data centers. The NSA E7500 features SonicWALL’s characteristic ease of management combined with low cost of ownership and a rich set of inbound and outbound network control capabilities. (www.sonicwall.com)

Nearly 40 percent of large organizations don’t monitor databases for suspicious activity

Application Security announced the results of a Ponemon Institute survey underscoring the serious challenges organizations face in securing sensitive data. With more than 150 million data records exposed in the past two years, the survey also highlights an organizational disconnect between the realization of the threat and the urgency in addressing it. Forty percent said their organizations don’t monitor their databases for suspicious activity, or don’t know if such monitoring occurs. Notably, more than half of these organizations have 500 or more databases – and the number of databases is growing. (www.appsecinc.com)

New Digital Signature Services OASIS Standard

The members of the international standards consortium OASIS have approved Digital Signature Services (DSS) version 1.0 as an OASIS Standard, a status that signifies the highest level of ratification. DSS defines an XML interface to process digital signatures for Web services and other applications, enabling the sharing of digital signature creation, verification and other associated services, without complex client software and configuration. DSS describes two XML-based request/response protocols, one for signatures and a second for verification. Using these protocols, a client can send documents to a server and receive back a signature on the documents; or send documents and a signature to a server and receive back an answer on whether the signature verifies the documents. (www.oasis-open.org)

GFI releases software suite for PCI DSS compliance

GFI Software announced the release of the GFI PCI Suite, a package aimed at helping companies meet the strict requirements and tight deadlines imposed by the Payment Card Industry Data Security Standards (PCI DSS) and comply with the majority of automated processes required for compliance. The GFI PCI Suite provides a centralized management console through which systems administrators can deploy the PCI DSS enhanced versions of GFI EventsManager and GFI LANguard N.S.S. – two solutions that are vital to network security and essential to meet the directives imposed by PCI DSS. GFI EventsManager boosts PCI DSS compliancy efforts by alerting administrators on key events occurring on the network while GFI LANguard N.S.S. allows IT professionals to proactively identify network security weaknesses and fix them before these are exploited. (www.gfi.com)

New Symantec Foundation IT Risk Assessment service

Symantec announced Symantec Foundation IT Risk Assessment, a comprehensive consulting service designed to provide customers with an overview of their current IT risk exposure and guidance on remediation. The service helps customers take the first step toward a comprehensive IT Risk Management program. The service identifies, categorizes and prioritizes current IT risks so investments can be made in projects that manage IT risk, cost, and performance for maximum business returns. (www.symantec.com)

One-time passcodes on mobile devices with SafeWord MobilePass

Secure Computing released SafeWord MobilePass, a new software authenticator that allows a user access to Virtual Private Networks (VPN), Citrix, Outlook and a number of other applications through one-time passcodes generated on their personal mobile device or laptop PC. MobilePass provides convenience as well as enhanced security through proven, two-factor authentication, establishing proof-positive identity for all users accessing trusted corporate and consumer applications. Additionally, SafeWord MobilePass helps to increase productivity at a low total cost of ownership. (www.securecomputing.com)

New software programmer exams for application security certification

The SANS Institute launched the first GIAC Secure Software Programmer (GSSP) exams. The inaugural exams covering C and Java/Java EE will be held August 14, 2007, in Washington, D.C. “The lack of trustworthy standards and certifications has been a challenge for software buyers and software developers,” said Hartmut Raffler, head of Technology Division Information and Communication at Siemens Corporate Technology. “Secure programming skills are essential for building software that can be trusted. SANS’ willingness to offer this exam as part of a comprehensive secure coding improvement strategy is exciting and will help both buyers and sellers of software.” (www.sans.org)

If you have been reading through (IN)SECURE Magazine or its sister web site Help Net Security, you have seen that endpoint security is one of the hottest information security topics. With all the new portable devices, ranging from 2 GB USB key chains, to U3 sticks or even the new Apple media darling iPhone, organizations are seeing more and more potential problems surrounding them. You cannot strip search your employees for any eligible portable device, but you can enforce strict company policies with a tool like DeviceWall (www.devicewall.com). This application gives you an opportunity to centrally manage and control the usage of any kind of portable media on computers located on your network.

Installation

The DeviceWall installation process is a typical one. After setting up your registration details, you have the opportunity of choosing one of two setup options. The application needs an SQL installation, so if you don't have one active yet, just choose the "Typical" type of setup. This way, after DeviceWall is installed, the setup wizard will place on your computer a MSDE instance that will act as an SQL server.

As you probably figured out, the SQL server will be used for centralized logging of events. If in the past you used some of the crypto products such as OpenSSL or PGP, the final act of the installation will be a familiar one - you will need to dynamically move the pointer of your mouse to generate a random key later used by the software.

[Figure: The DeviceWall control center interface]

During the installation of the product on my computer running Windows Vista, I came … Release.txt which came in the installation package.